isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11,831 Commits 1 Branch 0 Tags
c341608072a33c74fa3e534e987d6d3513f19b51
Commit Graph

96 Commits

Author SHA1 Message Date
Todd C. Miller
dfe26f8c34 If building with address sanitizer make sure its DSO is first. 
Address sanitizer requires that it be preloaded before any other
DSO in LD_PRELOAD.  This should not be required for clang, which
links in asan statically by default.
 2021-08-09 15:50:26 -06:00
Todd C. Miller
6287e8ca7d Add support for loading the sudo_intercept.so DSO. 2021-08-09 15:50:25 -06:00
Todd C. Miller
fda17ecfda Rename logsrvd log dir to /var/log/sudo_logsrvd. 2021-05-02 08:28:19 -06:00
Todd C. Miller
6f5b353e87 Add configuration for sudo_logsrvd store-and-forward mode. 
Adds "relay_dir" and "store_first" settings to sudo_logsrvd.conf
in the [relay] section.  Also adds a --with-relaydir configure
argument to change the default value (usually /var/log/logsrvd-relay.
 2021-04-23 16:54:15 -06:00
Todd C. Miller
a5504148a5 Add admin_flag sudoers option and make --enable-admin-flag take a path. 
It is now possible to disable the Ubuntu admin flag in sudoers
or change its location.
GitHub issue #56
 2021-02-16 13:20:02 -07:00
Todd C. Miller
f908ddd1bf Create a pidfile for sudo_logsrvd when not run with the -n flag. 2020-03-29 05:05:08 -06:00
Todd C. Miller
bf85ea2bf7 Example audit plugin that writes JSON output to a log file. 2020-01-30 13:25:52 -07:00
Todd C. Miller
a808dd45c2 Add config file support for logsrvd 2019-10-24 20:04:31 -06:00
Todd C. Miller
1e1ef61902 Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00
Todd C. Miller
5999cfb906 Add support for setting default options in a config file. In 
addition to expand_aliases, input_format and output_format, both
the initial sudoOrder and the increment when updating sudoOrder for
subsequent sudoRole objects can be specified.  Command line options
have also been added for the start order and increment.
 2018-02-24 09:23:14 -07:00
Todd C. Miller
48fba3c2cc update my email to Todd.Miller@sudo.ws 2017-12-03 17:53:40 -07:00
Todd C. Miller
6d4d4594b7 Use _PATH_DEV consistently 2017-06-29 18:10:53 -06:00
Todd C. Miller
cc71b99849 Add a new "devsearch" Path setting to sudo.conf for configuring the 
/dev paths to traverse instead of hard-coding a list in ttyname.c
The default value can be set at configure time.
 2017-05-30 10:44:11 -06:00
Todd C. Miller
9b027676c0 Use the value of ipa_hostname from /etc/sssd/sssd.conf if present 
instead of the system hostname.
 2016-06-04 19:52:10 -06:00
Todd C. Miller
c3c28773f5 Sanity check the TZ environment variable by special casing it in 
env_check.  The --with-tzdir configure option can be used to
specify the zoneinfo directory if configure doesn't find it.
 2015-02-06 11:01:05 -07:00
Todd C. Miller
8f75f65bba Only redefine _PATH_BSHELL on AIX if we included paths.h. 2014-09-20 10:16:46 -06:00
Todd C. Miller
7ab40be5c0 On AIX, _PATH_BSHELL is /usr/bin/bsh but we want to use /usr/bin/sh 
(which is usually ksh).  This makes sudo's behavior when executing
a shell without the #! magic number match execvp() on AIX.
 2014-09-20 09:21:51 -06:00
Todd C. Miller
d4d724b886 Whitespace changes. 2014-09-20 09:09:01 -06:00
Todd C. Miller
659b1f0e34 Switch to new time stamp file format. Each user now has a single 
file which may contain multiple records when per-tty time stamps
are in use (the default).  The time stamps use a monotonic timer
where available and are once again stored in /var/run/sudo.  The
lecture status is now stored separately from the time stamps in a
different directory.
 2014-01-30 15:50:40 -07:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
d89b1a6be2 Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers 
data source.  From Daniel Kopecek and Pavel Brezina.
 2012-08-10 11:59:26 -04:00
Todd C. Miller
5e6bc4017b Add check for _PATH_UTMP 2011-03-15 11:56:49 -04:00
Todd C. Miller
258a26d391 Add missing include of maillock.h for Solaris 2010-07-22 18:44:48 -04:00
Todd C. Miller
69ecb34581 If env_reset is enabled, set the MAIL environment variable based 
on the target user unless MAIL is explicitly preserved in sudoers.
 2010-07-19 12:50:59 -04:00
Todd C. Miller
5b9e39ac87 Use _PATH_STDPATH instead of _PATH_DEFPATH 2010-07-12 18:07:52 -04:00
Todd C. Miller
b72a530fd0 Update copyright year 2010-06-14 12:19:49 -04:00
Todd C. Miller
2dd29bf64d Break sudoers transcript feature up into log_input and log_output. 2010-05-30 10:31:38 -04:00
Todd C. Miller
b6a4cf7233 Modular sudo front-end which loads policy and I/O plugins that do 
most the actual work.  Currently relies on dynamic loading using
dlopen().  See doc/plugin.pod for the plugin API.
 2010-02-20 09:41:49 -05:00
Todd C. Miller
3bb69ffe81 Remove CVS $Sudo$ tags. 2010-01-17 19:51:28 -05:00
Todd C. Miller
0e823cdad2 _PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT 
Add --enable-transcript=DIR option to specify the directory
 2009-09-25 20:39:09 +00:00
Todd C. Miller
3bfce30a85 First cut at session logging for sudo. Still need to write get_pty() 
for Unix 98 and old-style BSD ptys.  Also needs documentation and
general cleanup.
 2009-08-06 00:04:14 +00:00
Todd C. Miller
62b89f9dfc Update copyright years. 2009-05-25 12:02:42 +00:00
Todd C. Miller
838cb61086 Add support for AIX netsvc.conf (like nsswitch.conf). 2009-03-10 20:44:05 +00:00
Todd C. Miller
43c98580fc s/overriden/overridden/; from Tobias Stoeckmann 2008-11-10 13:07:38 +00:00
Todd C. Miller
ee04914164 Add support for running a helper program to read the password when 
no tty is present (or when specified with the -A flag).  TODO: docs.
 2008-03-02 14:31:57 +00:00
Todd C. Miller
f2b70188b6 Add support for SELinux RBAC. Sudoers entries may specify a role and type. 
There are also role and type defaults that may be used.  To make sure a
transition occurs, when using RBAC commands are executed via the new sesh
binary.  Based on initial changes from Dan Walsh.
 2008-02-09 14:30:06 +00:00
Todd C. Miller
6f2cd1b184 Rename read_nss -> sudo_read_nss 
Add --with-nsswitch to allow users to specify nsswitch.conf path or disable it.
If --with-nsswitch=no but --with-ldap, order is LDAP, then sudoers.
Fix --with-ldap-conf-file and --with-ldap-secret-file
 2008-01-01 18:22:03 +00:00
Todd C. Miller
7f323157a2 First cut at nsswitch.conf support. 
Further reorganizaton and related changes are forthcoming.
 2007-12-28 16:20:45 +00:00
Todd C. Miller
f8c52dc928 Add support for reading and /etc/environment file. Still needs to 
be documented and should probably only applies to OSes that have
it (AIX and Linux, maybe others).
 2007-12-21 21:53:32 +00:00
Todd C. Miller
317e600f41 Remove monitor support until there is a versino of systrace that 
uses a lookaside buffer (or we have a better mechanism to use).
 2007-08-15 15:20:01 +00:00
Todd C. Miller
e0ac56ae6f add _PATH_LDAP_SECRET 2005-06-26 22:36:51 +00:00
Todd C. Miller
74c19b024a Add _PATH_DEVNULL for those without it. 2004-12-16 18:25:54 +00:00
Todd C. Miller
b99ad3ee2b Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have multiple 
sudoers files.
 2004-09-28 18:29:05 +00:00
Todd C. Miller
5431e1451c _PATH_DEV_SYSTRACE 2004-09-24 00:15:13 +00:00
Aaron Spangler
2ceb87bc56 Allow --with-ldap-conf-file option to override LDAP_CONF 2004-08-27 03:44:35 +00:00
Todd C. Miller
4467a95f43 No longer use /tmp/.odus as a possible timestamp dir unless specifically 
configured to do so.  Instead, if no /var/run exists, use /var/adm/sudo
or /usr/adm/sudo.
 2004-05-17 20:28:54 +00:00
Todd C. Miller
3a2282c927 More to a less restrictive, ISC-style license. 2004-02-13 21:36:43 +00:00
Todd C. Miller
cc7cfa707e Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP 2004-01-21 21:58:24 +00:00
Todd C. Miller
8e421c95b8 update copyright year 2004-01-05 17:15:32 +00:00
Todd C. Miller
626e2cd209 Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure option. 
The default value of noexec_file is set to this.
 2004-01-05 03:58:39 +00:00